Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/4974)
typedef uint8_t u8;
typedef uint64_t u64;
typedef uint8_t u8;
typedef uint64_t u64;
/******************************************************************************/
/*-
/******************************************************************************/
/*-
typedef uint8_t u8;
typedef uint32_t u32;
typedef uint64_t u64;
typedef uint8_t u8;
typedef uint32_t u32;
typedef uint64_t u64;
/*
* The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We
/*
* The underlying field. P256 operates over GF(2^256-2^224+2^192+2^96-1). We
{
felem tmp;
u64 a, b, mask;
{
felem tmp;
u64 a, b, mask;
static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */
/* Carry 2->3 */
static const u64 kPrime3Test = 0x7fffffff00000001ul; /* 2^63 - 2^32 + 1 */
/* Carry 2->3 */
* In order to make space in tmp[3] for the carry from 2 -> 3, we
* conditionally subtract kPrime if tmp[3] is large enough.
*/
* In order to make space in tmp[3] for the carry from 2 -> 3, we
* conditionally subtract kPrime if tmp[3] is large enough.
*/
+ high = (u64)(tmp[3] >> 64);
/* As tmp[3] < 2^65, high is either 1 or 0 */
/* As tmp[3] < 2^65, high is either 1 or 0 */
- high <<= 63;
- high >>= 63;
/*-
* high is:
* all ones if the high word of tmp[3] is 1
/*-
* high is:
* all ones if the high word of tmp[3] is 1
- * all zeros if the high word of tmp[3] if 0 */
- low = tmp[3];
- mask = low >> 63;
+ * all zeros if the high word of tmp[3] if 0
+ */
+ low = (u64)tmp[3];
+ mask = 0 - (low >> 63);
/*-
* mask is:
* all ones if the MSB of low is 1
/*-
* mask is:
* all ones if the MSB of low is 1
- * all zeros if the MSB of low if 0 */
+ * all zeros if the MSB of low if 0
+ */
low &= bottom63bits;
low -= kPrime3Test;
/* if low was greater than kPrime3Test then the MSB is zero */
low = ~low;
low &= bottom63bits;
low -= kPrime3Test;
/* if low was greater than kPrime3Test then the MSB is zero */
low = ~low;
/*-
* low is:
* all ones if low was > kPrime3Test
/*-
* low is:
* all ones if low was > kPrime3Test
- * all zeros if low was <= kPrime3Test */
+ * all zeros if low was <= kPrime3Test
+ */
mask = (mask & low) | high;
tmp[0] -= mask & kPrime[0];
tmp[1] -= mask & kPrime[1];
mask = (mask & low) | high;
tmp[0] -= mask & kPrime[0];
tmp[1] -= mask & kPrime[1];
equal &= equal << 4;
equal &= equal << 2;
equal &= equal << 1;
equal &= equal << 4;
equal &= equal << 2;
equal &= equal << 1;
- equal = ((s64) equal) >> 63;
+ equal = 0 - (equal >> 63);
all_equal_so_far &= equal;
}
all_equal_so_far &= equal;
}
is_zero &= is_zero << 4;
is_zero &= is_zero << 2;
is_zero &= is_zero << 1;
is_zero &= is_zero << 4;
is_zero &= is_zero << 2;
is_zero &= is_zero << 1;
- is_zero = ((s64) is_zero) >> 63;
+ is_zero = 0 - (is_zero >> 63);
is_p = (small[0] ^ kPrime[0]) |
(small[1] ^ kPrime[1]) |
is_p = (small[0] ^ kPrime[0]) |
(small[1] ^ kPrime[1]) |
is_p &= is_p << 4;
is_p &= is_p << 2;
is_p &= is_p << 1;
is_p &= is_p << 4;
is_p &= is_p << 2;
is_p &= is_p << 1;
- is_p = ((s64) is_p) >> 63;
+ is_p = 0 - (is_p >> 63);
typedef uint8_t u8;
typedef uint64_t u64;
typedef uint8_t u8;
typedef uint64_t u64;
/*
* The underlying field. P521 operates over GF(2^521-1). We can serialise an
/*
* The underlying field. P521 operates over GF(2^521-1). We can serialise an
* We know that ftmp[i] < 2^63, therefore the only way that the top bit
* can be set is if is_zero was 0 before the decrement.
*/
* We know that ftmp[i] < 2^63, therefore the only way that the top bit
* can be set is if is_zero was 0 before the decrement.
*/
- is_zero = ((s64) is_zero) >> 63;
+ is_zero = 0 - (is_zero >> 63);
is_p = ftmp[0] ^ kPrime[0];
is_p |= ftmp[1] ^ kPrime[1];
is_p = ftmp[0] ^ kPrime[0];
is_p |= ftmp[1] ^ kPrime[1];
is_p |= ftmp[8] ^ kPrime[8];
is_p--;
is_p |= ftmp[8] ^ kPrime[8];
is_p--;
- is_p = ((s64) is_p) >> 63;
+ is_p = 0 - (is_p >> 63);
is_zero |= is_p;
return is_zero;
is_zero |= is_p;
return is_zero;
is_p &= is_p << 4;
is_p &= is_p << 2;
is_p &= is_p << 1;
is_p &= is_p << 4;
is_p &= is_p << 2;
is_p &= is_p << 1;
- is_p = ((s64) is_p) >> 63;
+ is_p = 0 - (is_p >> 63);
is_p = ~is_p;
/* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */
is_p = ~is_p;
/* is_p is 0 iff |out| == 2^521-1 and all ones otherwise */
is_greater |= is_greater << 4;
is_greater |= is_greater << 2;
is_greater |= is_greater << 1;
is_greater |= is_greater << 4;
is_greater |= is_greater << 2;
is_greater |= is_greater << 1;
- is_greater = ((s64) is_greater) >> 63;
+ is_greater = 0 - (is_greater >> 63);
out[0] -= kPrime[0] & is_greater;
out[1] -= kPrime[1] & is_greater;
out[0] -= kPrime[0] & is_greater;
out[1] -= kPrime[1] & is_greater;
projects / openssl.git / commitdiff